A trivial question, but I have racked my brain over the implementation options.
There are a lot of them, and every time there is some drawback that makes you redo the whole scheme.
There is a central server, with everything that entails.
We are opening a branch in another city:
1. Branch employees need to work in the central office's 1C (solution: bring up a VPN tunnel, with a configured terminal server in the central office DMZ)
2. There should be full access to the branch network from the central office (solution: bring up a VPN tunnel and configure a trust relationship between the domains)
3. Branch staff, on arriving at the central office (business trips), should be able to work as in their own office (solution: ..... I need help with the options)
4. There must be a shared folder between the central and branch offices (solution: bring up a VPN tunnel; beyond that there are a great many options, and I won't describe them all; I am thinking of connecting an external network drive by IP)
Question: are the chosen solutions reasonable, or is there something better? And I need advice on point 3.
P.S. There was also the option of setting up a TSO terminal server and giving remote access to it _))
noemie.Hamill81 answered on March 12th 20 at 07:58
Does the branch necessarily need its own domain? Why not use a read-only domain controller at the branch, in the same domain that is deployed at the head office?
Why not use an IPsec tunnel? By establishing a connection between two gateways, it joins the local networks as equals; the static routes are written on the Internet gateway, and the clients do not care which networks the resources they connect to are on.
Importantly, the DNS servers on either side must have the required domain zones configured, but this is solved by deploying a read-only DC with its own DNS.
If a separate domain is needed in the branch office, then a client that moves from one network to the other must be configured with the default gateway of the network it has arrived in, while its DNS servers stay those of its own domain (with IPsec they will be reachable if the gateway provides routes to them).